[Secure-testing-commits] r47896 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Jan 11 06:17:08 UTC 2017


Author: carnil
Date: 2017-01-11 06:17:08 +0000 (Wed, 11 Jan 2017)
New Revision: 47896

Modified:
   data/CVE/list
Log:
Update information for CVE-2016-2336

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-11 06:08:46 UTC (rev 47895)
+++ data/CVE/list	2017-01-11 06:17:08 UTC (rev 47896)
@@ -35740,7 +35740,10 @@
 CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. ...)
 	TODO: check
 CVE-2016-2336 (Type confusion exists in two methods of Ruby's WIN32OLE class, ...)
-	TODO: check
+	- ruby2.3 <unfixed> (unimportant)
+	- ruby2.1 <removed> (unimportant)
+	NOTE: Wulnerable win32ole ruby extension not included in binary packages
+	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0029/
 CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip ...)
 	{DSA-3599-1 DLA-510-1}
 	- p7zip 15.14.1+dfsg-2 (bug #824160)
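Review bot: the first added NOTE line for CVE-2016-2336 misspells "Vulnerable" as "Wulnerable". That line is the stated justification for the (unimportant) tag on both ruby2.3 and ruby2.1, so it should be corrected in a follow-up commit to read "NOTE: Vulnerable win32ole ruby extension not included in binary packages". The ruby2.3 entry stays <unfixed>, which means the source package still carries the affected code and the triage rests entirely on that NOTE. It would help to say in the NOTE why the extension is absent from the binary packages, so the entry can be re-checked if packaging changes. The neighbouring CVE-2016-2337 entry in the context lines (the TclTkIp type confusion in Ruby) is still "TODO: check" and may deserve the same per-package triage.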



